How to Re-enable CSF Firewall on CyberPanel

How to Re-enable CSF Firewall on CyberPanel 2.3.6 (and Later Commits of 2.3.5)

If you’ve recently updated to CyberPanel version 2.3.6 or the later commits of 2.3.5, you may have noticed that the CSF (ConfigServer Security & Firewall) firewall has been disabled. This issue is directly tied to CyberPanel’s upgrade from Django v3 to v4, which introduces significant changes that are currently incompatible with CSF. Unfortunately, CSF has not yet updated their code to work with Django 4, leaving many users without a functional firewall.

The Problem

CyberPanel’s shift from Django v3 to v4 was necessary to keep up with the latest web development standards, but it has caused a major conflict with CSF. The core issue is that CSF, which many users rely on for firewall management, hasn’t been updated to support Django 4. This incompatibility has led to the disabling of CSF in CyberPanel 2.3.6 and later versions, leaving your server potentially vulnerable.

A Temporary Solution: Manual Rollback

For those who need to regain CSF functionality, a temporary solution is to manually roll back to a version of CyberPanel that is still compatible with CSF. To simplify this process, I’ve created a script that automates the rollback.

What the Script Does

1. Backup CyberPanel and CSF Configurations:
   • The script first creates a backup of your /usr/local/CyberCP directory to ensure that your current CyberPanel setup is safely stored.
   • It also backs up your CSF configuration files /etc/csf(If it exists). Since we need to remove and reinstall CSF, this step ensures that all your custom firewall settings are preserved.
2. Download Compatible CyberPanel Version:
   • The script downloads a version of CyberPanel that works with CSF. This version still uses Django v3, which is fully compatible with CSF.
   • Backup and restore Credentials stored in settings.py
3. Downgrade Django and reinstall CSF:
   • The script uninstalls and reinstalls CSF through Cyberpanel which fixes the UI.
   • Finally, the script downgrades Django from v4 to v3, aligning it with the downloaded version of CyberPanel and ensuring that CSF can function correctly.

How to Use the Script

To use this rollback script, follow these steps:

1. Download the Script: cyberpanel_csf_rollback.sh
2. Make The script executable:

   chmod +x cyberpanel_csf_rollback.sh

3. Run the Script: Execute the script with root privileges to start the rollback process.

   ./cyberpanel_csf_rollback.sh

4. Verify Installation: Once the script completes, verify that CyberPanel is functioning as expected. The script will Output the backup files created.

IMPORTANT NOTE:

If after running the script you still get a 500 error, then check the django version. This should return 3.1.3

/usr/bin/python -m django --version

If it is not 3.1.3, then run the following:

/usr/bin/pip install -r "/usr/local/CyberCP/requirments.txt" --force-reinstall
service lscpd restart

Conclusion

While this manual rollback is a temporary fix, it’s essential for those who rely on CSF for firewall management. Until CSF updates their code to be compatible with Django 4, this workaround will allow you to maintain your server’s security. Keep an eye on updates from CSF and CyberPanel for a more permanent solution in the future.